options {
    directory "/var/named";

    // uncomment the following lines to turn on DNS forwarding,
    // and change the forwarding ip address(es) :
    //forward first;
    //forwarders {
    //  123.123.123.123;
    //  123.123.123.123;
    //};

    listen-on-v6 { none; };
    listen-on { 127.0.0.1; };

    // to allow only specific hosts to use the DNS server:
    //allow-query {
    //  127.0.0.1;
    //};

    // if you have problems and are behind a firewall:
    //query-source address * port 53;
    pid-file "/run/named/named.pid";

    // Enable recursion , this is a potential security problem, see http://www.us-cert.gov/reading_room/DNS-recursion033006.pdf
    // recursion yes;
    // allow-recursion { localnets; localhost; };
    // allow-query-cache { localnets; localhost; };
};

// Briefly, a zone which has been declared delegation-only will be effectively
// limited to containing NS RRs for subdomains, but no actual data beyond its
// own apex (for example, its SOA RR and apex NS RRset). This can be used to
// filter out "wildcard" or "synthesized" data from NAT boxes or from
// authoritative name servers whose undelegated (in-zone) data is of no
// interest.
// See http://www.isc.org/products/BIND/delegation-only.html for more info

//zone "COM" { type delegation-only; };
//zone "NET" { type delegation-only; };

zone "." IN {
    type hint;
    file "named.ca";
};

zone "localhost" IN {
    type master;
    file "pri/localhost.zone";
    allow-update { none; };
    notify no;
};

zone "127.in-addr.arpa" IN {
    type master;
    file "pri/127.zone";
    allow-update { none; };
    notify no;
};
